#finfishercom — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #finfishercom, aggregated by home.social.
-
CW: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on IPs LARGE LIST
Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #AMER on these IPs LARGE LIST hosting since November 2022ish for #Prosecutors to correlate.
#FinFisherCom🤝#EnemyOfTheInternet
#CALEA #greymarket #CALEAmalware 🔍🧐#infosec
This is just # attaccc nodes for the past two years I have logged as #FinFisher shims/proxies/nodes. Every single one of these tried a MITM attaccc & multiple other OTS exploits. They were blocked and logged.
Cities:
¹ https://www.reddit.com/r/netzpolitik/comments/jax0e3/our_criminal_complaint_german_statemalware/
² https://en.wikipedia.org/wiki/FinFisher
⁵ https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts/
-
CW: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on #CloudFront
Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #AMER on #CloudFront hosting since November 2022ish for #Prosecutors to correlate.
#FinFisherCom🤝#EnemyOfTheInternet
#CALEA #greymarket #CALEAmalware 🔍🧐#infosec
¹
server-18-155-192-115.sfo53.r.cloudfront.net²
65.8.17.126³
65.8.166.214
This is just #CloudFront attaccc nodes for the past two years I have logged as #FinFisher shims/proxies/nodes. Every single one of these tried a MITM attaccc & multiple other OTS exploits. They were blocked and logged.
Cities:
¹ https://www.reddit.com/r/netzpolitik/comments/jax0e3/our_criminal_complaint_german_statemalware/
² https://en.wikipedia.org/wiki/FinFisher
⁵ https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts/
-
CW: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on #akamai
Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #AMER on #akamai hosting since November 2022ish for #Prosecutors to correlate.
#FinFisherCom🤝#EnemyOfTheInternet
#CALEA #greymarket #CALEAmalware 🔍🧐#infosec
This is just #akamai attaccc nodes for the past two years I have logged as #FinFisher shims/proxies/nodes. Every single one of these tried a MITM attaccc & multiple other OTS exploits. They were blocked and logged.
Cities:
¹ https://www.reddit.com/r/netzpolitik/comments/jax0e3/our_criminal_complaint_german_statemalware/
² https://en.wikipedia.org/wiki/FinFisher
⁵ https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts/
-
CW: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on #Google
Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #AMER on #Google hosting since November 2022ish for #Prosecutors to correlate.
#FinFisherCom🤝#EnemyOfTheInternet
#CALEA #greymarket #CALEAmalware 🔍🧐#infosec
This is just #Google attaccc nodes for the past two years I have logged as #FinFisher shims/proxies/nodes. Every single one of these tried a MITM attaccc & multiple other OTS exploits. They were blocked and logged.
Cities:
¹ https://www.reddit.com/r/netzpolitik/comments/jax0e3/our_criminal_complaint_german_statemalware/
² https://en.wikipedia.org/wiki/FinFisher
⁵ https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts/
-
CW: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on #AWS
Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #AMER & #EU on #AWS hosting since November 2022ish for #Prosecutors to correlate.
#FinFisherCom🤝#EnemyOfTheInternet
#CALEA #greymarket #CALEAmalware 🔍🧐#infosec
This is just #AWS attaccc nodes for the past two years I have logged as #FinFisher shims/proxies/nodes. Every single one of these tried a MITM attaccc & multiple other OTS exploits. They were blocked and logged.
Cities:
¹ https://www.reddit.com/r/netzpolitik/comments/jax0e3/our_criminal_complaint_german_statemalware/
² https://en.wikipedia.org/wiki/FinFisher
⁵ https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts/
-
CW: #GammaGroup #FinFisher #FinSpy #SystemApp callback list of hosts / shims on #BunnyNet via #DataPacket
Historical list of #SystemApp callback to #FinFisher clients logged while on #InfoseceXchange that's good for #tcpdump correlation #investigations in #Germany on the CDN #DataPacket hosting the #BunnyNet since November 2022ish for #GermanProsecutors to correlate.
#FinFisherCom🤝#EnemyOfTheInternet
#CALEA #greymarket #CALEAmalware 🔍🧐#infosec
Cities:
¹ https://www.reddit.com/r/netzpolitik/comments/jax0e3/our_criminal_complaint_german_statemalware/
² https://en.wikipedia.org/wiki/FinFisher
⁵ https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts/